Class DigestAuthenticate
Digest Authentication adapter for AuthComponent.
Provides Digest HTTP authentication support for AuthComponent.
Using Digest auth
Load AuthComponent in your controller's initialize() and add 'Digest' in 'authenticate' key
$this->loadComponent('Auth', [ 'authenticate' => ['Digest'], 'storage' => 'Memory', 'unauthorizedRedirect' => false, ]);
You should set storage to Memory to prevent CakePHP from sending a
session cookie to the client.
You should set unauthorizedRedirect to false. This causes AuthComponent to
throw a ForbiddenException exception instead of redirecting to another page.
Since HTTP Digest Authentication is stateless you don't need call setUser()
in your controller. The user credentials will be checked on each request. If
valid credentials are not provided, required authentication headers will be sent
by this authentication provider which triggers the login dialog in the browser/client.
Generating passwords compatible with Digest authentication.
DigestAuthenticate requires a special password hash that conforms to RFC2617.
You can generate this password using DigestAuthenticate::password()
$digestPass = DigestAuthenticate::password($username, $password, env('SERVER_NAME'));
If you wish to use digest authentication alongside other authentication methods,
it's recommended that you store the digest authentication separately. For
example User.digest_pass could be used for a digest password, while
User.password would store the password hash for use with other methods like
Basic or Form.
- Cake\Auth\BaseAuthenticate implements Cake\Event\EventListenerInterface uses Cake\Core\InstanceConfigTrait , Cake\ORM\Locator\LocatorAwareTrait
-
Cake\Auth\BasicAuthenticate
-
Cake\Auth\DigestAuthenticate
See: https://book.cakephp.org/3.0/en/controllers/components/authentication.html
Location: Auth/DigestAuthenticate.php
Inherited Properties
Method Summary
-
__construct() public
Constructor -
_getDigest() protected
Gets the digest headers from the request/environment. -
generateNonce() protected
Generate a nonce value that is validated in future requests. -
generateResponseHash() public
Generate the response hash for a given digest array. -
getUser() public
Get a user based on information in the request. Used by cookie-less auth for stateless clients. -
loginHeaders() public
Generate the login headers -
parseAuthData() public
Parse the digest authentication headers and split them up. -
password() public static
Creates an auth digest password hash to store -
validNonce() protected
Check the nonce to ensure it is valid and not expired.
Method Detail
__construct() public ¶
__construct( Cake\Controller\ComponentRegistry $registry , array $config [] )
Constructor
Besides the keys specified in BaseAuthenticate::$_defaultConfig, DigestAuthenticate uses the following extra keys:
secretThe secret to use for nonce validation. Defaults to Security::getSalt().realmThe realm authentication is for, Defaults to the servername.qopDefaults to 'auth', no other values are supported at this time.opaqueA string that must be returned unchanged by clients. Defaults tomd5($config['realm'])nonceLifetimeThe number of seconds that nonces are valid for. Defaults to 300.
Parameters
-
Cake\Controller\ComponentRegistry$registry The Component registry used on this request.
- array $config optional []
- Array of config to use.
Overrides
_getDigest() protected ¶
_getDigest( Cake\Http\ServerRequest $request )
Gets the digest headers from the request/environment.
Parameters
-
Cake\Http\ServerRequest$request - Request object.
Returns
Array of digest information.
generateNonce() protected ¶
generateNonce( )
Generate a nonce value that is validated in future requests.
Returns
generateResponseHash() public ¶
generateResponseHash( array $digest , string $password , string $method )
Generate the response hash for a given digest array.
Parameters
- array $digest
- Digest information containing data from DigestAuthenticate::parseAuthData().
- string $password
- The digest hash password generated with DigestAuthenticate::password()
- string $method
- Request method
Returns
Response hash
getUser() public ¶
getUser( Cake\Http\ServerRequest $request )
Get a user based on information in the request. Used by cookie-less auth for stateless clients.
Parameters
-
Cake\Http\ServerRequest$request - Request object.
Returns
Either false or an array of user information
Overrides
loginHeaders() public ¶
loginHeaders( Cake\Http\ServerRequest $request )
Generate the login headers
Parameters
-
Cake\Http\ServerRequest$request - Request object.
Returns
Headers for logging in.
Overrides
parseAuthData() public ¶
parseAuthData( string $digest )
Parse the digest authentication headers and split them up.
Parameters
- string $digest
- The raw digest authentication headers.
Returns
An array of digest authentication headers
password() public static ¶
password( string $username , string $password , string $realm )
Creates an auth digest password hash to store
Parameters
- string $username
- The username to use in the digest hash.
- string $password
- The unhashed password to make a digest hash for.
- string $realm
- The realm the password is for.
Returns
the hashed password that can later be used with Digest authentication.
validNonce() protected ¶
validNonce( string $nonce )
Check the nonce to ensure it is valid and not expired.
Parameters
- string $nonce
- The nonce value to check.
Returns
Methods inherited from Cake\Auth\BasicAuthenticate
authenticate() public ¶
authenticate( Cake\Http\ServerRequest $request , Cake\Http\Response $response )
Authenticate a user using HTTP auth. Will use the configured User model and attempt a login using HTTP auth.
Parameters
-
Cake\Http\ServerRequest$request - The request to authenticate with.
-
Cake\Http\Response$response - The response to add headers to.
Returns
Either false on failure, or an array of user data on success.
unauthenticated() public ¶
unauthenticated( Cake\Http\ServerRequest $request , Cake\Http\Response $response )
Handles an unauthenticated access attempt by sending appropriate login headers
Parameters
-
Cake\Http\ServerRequest$request - A request object.
-
Cake\Http\Response$response - A response object.
Throws
Overrides
Methods inherited from Cake\Auth\BaseAuthenticate
_findUser() protected ¶
_findUser( string $username , string|null $password null )
Find a user record using the username and password provided.
Input passwords will be hashed even when a user doesn't exist. This helps mitigate timing attacks that are attempting to find valid usernames.
Parameters
- string $username
- The username/identifier.
- string|null $password optional null
The password, if not provided password checking is skipped and result of find is returned.
Returns
Either false on failure, or an array of user data.
_query() protected ¶
_query( string $username )
Get query object for fetching user from database.
Parameters
- string $username
- The username/identifier.
Returns
implementedEvents() public ¶
implementedEvents( )
Returns a list of all events that this authenticate class will listen to.
An authenticate class can listen to following events fired by AuthComponent:
Auth.afterIdentify- Fired after a user has been identified using one of configured authenticate class. The callback function should have signature likeafterIdentify(Event $event, array $user)when$useris the identified user record.Auth.logout- Fired when AuthComponent::logout() is called. The callback function should have signature likelogout(Event $event, array $user)where$useris the user about to be logged out.
Returns
List of events this class listens to. Defaults to
[].Implementation of
needsPasswordRehash() public ¶
needsPasswordRehash( )
Returns whether or not the password stored in the repository for the logged in user requires to be rehashed with another algorithm
Returns
passwordHasher() public ¶
passwordHasher( )
Return password hasher object
Returns
Throws
If password hasher class not found or it does not extend AbstractPasswordHasher
Methods used from Cake\Core\InstanceConfigTrait
_configDelete() protected ¶
_configDelete( string $key )
Deletes a single config key.
Parameters
- string $key
- Key to delete.
Throws
_configRead() protected ¶
_configRead( string|null $key )
Reads a config key.
Parameters
- string|null $key
- Key to read.
Returns
_configWrite() protected ¶
_configWrite( string|array $key , mixed $value , boolean|string $merge false )
Writes a config key.
Parameters
- string|array $key
- Key to write to.
- mixed $value
- Value to write.
- boolean|string $merge optional false
True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.
Throws
config() public ¶
config( string|array|null $key null , mixed|null $value null , boolean $merge true )
Gets/Sets the config.
Usage
Reading the whole config:
$this->config();
Reading a specific value:
$this->config('key');
Reading a nested value:
$this->config('some.nested.key');
Setting a specific value:
$this->config('key', $value);
Setting a nested value:
$this->config('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->config(['one' => 'value', 'another' => 'value']);
Deprecated
Parameters
- string|array|null $key optional null
- The key to get/set, or a complete array of configs.
- mixed|null $value optional null
- The value to set.
- boolean $merge optional true
- Whether to recursively merge or overwrite existing config, defaults to true.
Returns
Config value being read, or the object itself on write operations.
Throws
configShallow() public ¶
configShallow( string|array $key , mixed|null $value null )
Merge provided config with existing config. Unlike config() which does
a recursive merge for nested keys, this method does a simple merge.
Setting a specific value:
$this->configShallow('key', $value);
Setting a nested value:
$this->configShallow('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->configShallow(['one' => 'value', 'another' => 'value']);
Parameters
- string|array $key
- The key to set, or a complete array of configs.
- mixed|null $value optional null
- The value to set.
Returns
$this
getConfig() public ¶
getConfig( string|null $key null , mixed $default null )
Returns the config.
Usage
Reading the whole config:
$this->getConfig();
Reading a specific value:
$this->getConfig('key');
Reading a nested value:
$this->getConfig('some.nested.key');
Reading with default value:
$this->getConfig('some-key', 'default-value');
Parameters
- string|null $key optional null
- The key to get or null for the whole config.
- mixed $default optional null
- The return value when the key does not exist.
Returns
Config value being read.
setConfig() public ¶
setConfig( string|array $key , mixed|null $value null , boolean $merge true )
Sets the config.
Usage
Setting a specific value:
$this->setConfig('key', $value);
Setting a nested value:
$this->setConfig('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->setConfig(['one' => 'value', 'another' => 'value']);
Parameters
- string|array $key
- The key to set, or a complete array of configs.
- mixed|null $value optional null
- The value to set.
- boolean $merge optional true
- Whether to recursively merge or overwrite existing config, defaults to true.
Returns
$this
Throws
Methods used from Cake\ORM\Locator\LocatorAwareTrait
setTableLocator() public ¶
setTableLocator( Cake\ORM\Locator\LocatorInterface $tableLocator )
Sets the table locator.
Parameters
-
Cake\ORM\Locator\LocatorInterface$tableLocator - LocatorInterface instance.
Returns
$this
tableLocator() public ¶
tableLocator( Cake\ORM\Locator\LocatorInterface $tableLocator null )
Sets the table locator. If no parameters are passed, it will return the currently used locator.
Deprecated
Parameters
-
Cake\ORM\Locator\LocatorInterface$tableLocator optional null - LocatorInterface instance.